<?php
	include('../../../db.php');
	$root = $_SERVER['DOCUMENT_ROOT'] . '/DirectOrder/';
	
	
	function sendEmail ($email) {
				$to = $email;
				$subject = 'Confirm Registration';
				$message = "
				<html>
				<head>
					<title>DirectOrder Confirmation</title>
				</head>
				<body>
					<p>Click the link below to confirm your registration.<br/></p>
					<a href='http://gdecastro2.cuttingedgespace.com/DirectOrder/scripts/confirm.php?email=$email'>Complete Registration</a><br/>
					<p>Thank you for registering with us.</p>
				</body>
				</html>";
				$headers  = 'MIME-Version: 1.0' . "\r\n";
				$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
				$headers .= "From: directorder@gdecastro2.cuttingedgespace.com";
				$success = mail($to,$subject,$message,$headers);
				return $success;
			}
	function isLoggable($formInput){
	/* returns the response from the login attempt */
		global $db;
		
		$lUsername = $formInput['login_username'];
		$lPassword = $formInput['login_password'];
		$lPassword = sha1($lPassword);
		
		$query = "SELECT * FROM users WHERE username = :u AND password = :p AND confirmed = 1";
		$statement = $db->prepare($query);
		$statement->bindValue(':u',$lUsername);
		$statement->bindValue(':p',$lPassword);
		$statement->execute();
	
		$rowCount = $statement->rowCount();
		
			
		if ($rowCount == 1) {
				// if there is a row in the database, they can enter the site
				$user = $statement->fetch();
				session_start();
				$_SESSION['username'] = $lUsername;
				if($user['admin'] == 1){
					$_SESSION['admin'] = true;
					return 'admin';
				}
				else{
					$_SESSION['admin'] = false;
					return 'true';
				}
		}
		else {
			// if unable to enter, bring back the login page
			//Define error message
			$query = "SELECT * FROM users WHERE username = :u AND password = :p";
			$statement = $db->prepare($query);
			$statement->bindValue(':u',$lUsername);
			$statement->bindValue(':p',$lPassword);
			$statement->execute();
			
			$rowCount = $statement->rowCount();
			$statement ->closeCursor();
			
			if($rowCount == 1)
			{
				$login_error = 'Your account is not confirmed';
			}
			else
			{
				$query = "SELECT * FROM users WHERE username = :u";
				$statement = $db->prepare($query);
				$statement->bindValue(':u',$lUsername);
				$statement->execute();
				
				$rowCount = $statement->rowCount();
				$statement ->closeCursor();
				
				if($rowCount == 1){
					$login_error = 'Incorrect password.';
				}
				else{
					$login_error = "This username doesn't exists.";
				}
			}
			return '<span id=\'login_error\'>'.$login_error.'</span>';
		}
	}
	function register($formInput){
		global $db;

		$sign_name 		= $formInput['sign_name'];
		$sign_surname 	= $formInput['sign_surname'];
		$sign_email 	= $formInput['sign_email'];
		$sign_username 	= $formInput['sign_username'];
		$sign_password 	= $formInput['sign_password'];
	
				
		if(!empty($sign_username)){
			$query = "SELECT * FROM  `users` WHERE username =  :u OR email =  :e";
			$statement = $db->prepare($query);
			$statement->bindValue(':u',$sign_username);
			$statement->bindValue(':e',$sign_email);
			$statement->execute();
	
			$rowCount = $statement->rowCount();
			$statement ->closeCursor();
	
			if ($rowCount == 1) {
				// if there is a row in the database, they can not sign up
				$query = "SELECT * FROM users WHERE username = :u";
				$statement = $db -> prepare($query);
				$statement -> bindValue(':u',$sign_username);
				$statement -> execute();
				$rows = $statement -> rowCount();
				$statement -> closeCursor();
				
				if ($rows == 1) {
					$signup_error = 'Username is already taken.  Please choose another.';
				}
				else {
					$signup_error = 'This email already has an account with us.  Please use another email.';
				}
			}
			else {
			  
				$query = "INSERT INTO users (name, surname, email, username,password) VALUES(:sName, :sSurname, :sEmail, :sUsername, :sPsw)";

				$statement = $db->prepare($query);
				$statement->bindValue(':sName', $sign_name);
				$statement->bindValue(':sSurname', $sign_surname);
				$statement->bindValue(':sEmail', $sign_email);
				$statement->bindValue(':sUsername', $sign_username);
				$sign_password = sha1($sign_password); //Password Encrypt
				$statement->bindValue(':sPsw', $sign_password);
				
				$statement->execute();
			  
				$statement->closeCursor();
				
				if(sendEmail($sign_email))
					return 'true';
				else
					$signup_error = 'We could not email you cornfirmation, please review your email';

			}
		}
		else{
		  $signup_error = 'There is something wrong with your information.';
		}

		return '<span id=\'signup_error\'>'.$signup_error.'</span>';
	}
?>